Senior Cybersecurity & GRC Leader with GenAI Expertise
Resume:
ANTHONY SMALL, SR.
704-***-**** ********@*****.*** https://www.linkedin.com/in/anthonysmall0015/
EXECUTIVE SUMMARY
Senior cybersecurity and GRC leader with 15+ years of experience delivering enterprise security, AI-enabled risk management, and regulatory compliance programs across utilities, financial services, healthcare, and large consumer technology environments. Proven track record leading cyber asset governance, cloud security posture management, GenAI-enabled SOC automation, and executive risk reporting. Expert in bridging engineering, security operations, and executive leadership to operationalize secure AI adoption, improve regulatory readiness, and reduce enterprise risk at scale.
CORE LEADERSHIP AREAS
AI Security & Responsible AI Governance, Cybersecurity Program & Portfolio Leadership, Cloud Security & Identity Risk Management, Cyber Asset Registry & Vulnerability Governance, Regulatory Compliance (NIST, NERC CIP, SOX, GDPR), GRC Platforms (AuditBoard, RSA Archer, ServiceNow GRC), SOC Automation & Threat Operations Enablement, Executive Risk Metrics & Board-Level Reporting, Agile & SAFe Delivery Models, Vendor & Managed Services Oversight
PROFESSIONAL EXPERIENCE
GenAI Senior Business Analyst & SecOps Consultant – Remote/San Francisco, CA Oct 2024 – Present
Pacific Gas & Electric (PG&E)
- Led GenAI-enabled SOC workflows integrating incident data, threat intelligence, and remediation guidance, reducing analyst response time and improving investigation consistency.
- Designed AI-powered knowledge retrieval systems supporting cybersecurity operations and compliance inquiries.
- Implemented Responsible AI governance controls aligned to NIST AI RMF and enterprise risk management standards.
- Partnered with cloud and security architects to improve vulnerability prioritization and remediation automation.
- Developed executive dashboards linking AI risk, control effectiveness, and regulatory exposure.
Senior Cybersecurity Business Analyst – SecOps – Remote/Weybridge, UK Jan 2023 – Oct 2024
Haleon (Global Consumer Healthcare) subsidiary Glaxo Smith Kline
- Optimized global vulnerability management using Tanium and Tenable integrations to improve asset intelligence and patch compliance.
- Implemented cloud permissions governance using Sonrai, reducing excessive privilege exposure across multi-cloud environments.
- Delivered AI-assisted alert correlation models to reduce SOC noise and improve response prioritization.
- Established cybersecurity maturity dashboards aligned to business risk tolerance and compliance objectives.
- Supported enterprise data protection and identity governance for large-scale consumer platforms.
Senior Cybersecurity Business Analyst – PMO & IT Compliance – Hybrid/Charlotte, NC Nov 2017 – Apr 2022
Duke Energy
- Led RSA Archer governance uplift aligning cybersecurity controls with NERC CIP regulatory requirements.
- Executed enterprise compliance gap analyses across OT, IT, and cloud environments.
- Built full traceability from regulations to controls, evidence, and remediation actions.
- Integrated ServiceNow workflows with compliance monitoring and SLA enforcement.
- Briefed executive leadership on regulatory risk posture and remediation investment priorities.
Cybersecurity Agile Business Analyst May 2015 – Jun 2016
B2R Finance LP (Blackstone Portfolio Company)
- Led secure SDLC integration for financial platforms supporting loan origination and servicing systems.
- Implemented data loss prevention and retention governance aligned to financial regulations.
- Integrated ServiceNow ITSM workflows supporting ITIL-based operations.
- Partnered with developers to embed security requirements into CI/CD pipelines.
CERTIFICATIONS
- NERC CIP Certified – Valid through November 2026
- Certified ScrumMaster (CSM)
- RSA Archer GRC Platform Training
- Agile & SAFe Delivery Frameworks
- Ongoing Development: AI Governance & Cyber Risk Management
Contact this candidate